Quoted on Adotas.com: Today’s Burning Question: Massive Hack Attack Reaction


“According to the article [on CNN’s website], the accounts details that were leaked were obtained using keyloggers installed on end users’ computers. No networks were breached in order to obtain the information, which is good on one side, but it is worrisome on the other. This also gives us a pretty good view on the security status of many computers worldwide. I say computers and not home users because malware infects any kind of computers and not only those at home. As we can see, in the end it is not even a matter of price of a security solution because any decent free antivirus solution detects this malware type. It is an awareness problem. People continue to think that “this can’t happen exactly to me” (that is, becoming infected) despite the massive media coverage of the security issues world-wide. Users have to change their thinking, to take IT security serious and most important of all, to constantly improve their security. I published a free eBook exactly to help these people to understand the risks and to teach them how to make their accounts and devices more secure (available under www.improve-your-security.org). The other view of this incident is that attackers targeted … Facebook, Google, [and] Twitter. This means that there is value in owning the credentials of these accounts. One may think that there is actually little to none money behind these accounts, but if you think better, there is something which is far more interesting for the cybercriminals: the engine to spread their malware. If they own the credentials to these accounts they can impersonate the owners and spread the malware with a very high rate of success. Fortunately, there is something which the users can do to prevent misusage of their credentials: activate two-factors authentication and location-based control. If these extra measures are activated, the system would require on login something that only the user has: a code sent to a mobile phone via SMS or a token generated by something. If the location-based control is activated, the system would warn and depending on the system even prevent a login from a previously unknown and not authorized location or device.” – Sorin Mustaca, product manager at Avira GmbH and online security expert.

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: